Author
Topic: Parent Proxy Opnsense (Read 4064 times)

Hey folks,I configured the Webproxy with a ParentProxy and I'm here to share my experiences with that.

The WebGui does not have an option to define a ParentProxy, so we need to dig deeper:

First of all, there are two directorys:/usr/local/etc/squid/pre-auth/usr/local/etc/squid/post-auth

Here I'm using the pre-auth folder. In that folder you need to create a file with .conf ending. Without that file ending the Proxy won't use the config.I created a file namend ParentProxy.conf ; everything with qoutes needs to be set properly and without the quotes:

#acl for destinationdomains to use our ParentProxy# the point before the URL means, that every subdomain will also be sent to the ParentProxyacl "NameOfACLdomain" dstdomain .com .org .local host1.any.domain#ACL IP Listacl "NameOfACLIP" dst 10.193.100.5#ACL urlregexacl "NameOfACLregex" url_regex server1 http://server2.dings

#Now we define the Access, change the "ExamplePeer" to whatever you named your ParentProxy cache_peer# the first line says: every URL in the defined ACL is going to the ParentProxy# second line: everything else (not listed in ACL) will not go to the ParentProxycache_peer_access "ExamplePeer" allow "NameOfACLdomain"cache_peer_access "ExamplePeer" allow "NameOfACLIP"cache_peer_access "ExamplePeer" allow "NameOfACLregex"cache_peer_access "ExamplePeer" deny !"NameOfACLdomain"cache_peer_access "ExamplePeer" deny !"NameOfACLIP"cache_peer_access "ExamplePeer" deny !"NameOfACLregex"

# I'm not sure if that is really needed:# Here you can define which Domains should not go to the ParentProxy (I choosed our internal Domain)cache_peer_domain !.internal.domain